jsnjfz WebStack-Guns SQL Injection Vulnerability in Log Sorting

A SQL injection vulnerability has been identified in jsnjfz WebStack-Guns version 1.0. This issue arises in the PageFactory.java file, where the 'sort' parameter from HTTP requests is not properly sanitized before being passed to the database. This flaw allows authenticated administrators to inject arbitrary SQL commands that are executed with the application's database privileges. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows authenticated administrators to execute arbitrary SQL commands on the application's MySQL database. This could lead to unauthorized data access or manipulation, such as altering user passwords or disrupting service availability. The vulnerability's existence is particularly concerning because the application includes default admin credentials, facilitating remote exploitation on unprotected installations.

Reproduction

To reproduce this vulnerability, log into the WebStack-Guns admin console using the default credentials. Then, access the operation log list while injecting a malicious 'sort' value that includes SQL payloads. The injected SQL will be executed by the database, demonstrating the successful exploitation of the SQL injection vulnerability.

Remediation

It is recommended to implement server-side whitelisting of sortable columns and to replace direct string substitutions in SQL commands with safe, mapped alternatives. Additionally, default admin credentials should be disabled or restricted during the initial setup to minimize the risk of exploitation.